@djangocfg/api 2.1.427 → 2.1.428
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +56 -0
- package/dist/auth-server.cjs +248 -32
- package/dist/auth-server.cjs.map +1 -1
- package/dist/auth-server.mjs +248 -32
- package/dist/auth-server.mjs.map +1 -1
- package/dist/auth.cjs +271 -29
- package/dist/auth.cjs.map +1 -1
- package/dist/auth.mjs +271 -29
- package/dist/auth.mjs.map +1 -1
- package/dist/clients.cjs +222 -25
- package/dist/clients.cjs.map +1 -1
- package/dist/clients.d.cts +35 -28
- package/dist/clients.d.ts +35 -28
- package/dist/clients.mjs +222 -25
- package/dist/clients.mjs.map +1 -1
- package/dist/hooks.cjs +117 -4
- package/dist/hooks.cjs.map +1 -1
- package/dist/hooks.mjs +117 -4
- package/dist/hooks.mjs.map +1 -1
- package/dist/index.cjs +277 -26
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +98 -29
- package/dist/index.d.ts +98 -29
- package/dist/index.mjs +277 -26
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -2
- package/src/_api/generated/client/index.ts +1 -0
- package/src/_api/generated/client/utils.gen.ts +2 -2
- package/src/_api/generated/client.gen.ts +2 -2
- package/src/_api/generated/core/auth.gen.ts +7 -0
- package/src/_api/generated/core/params.gen.ts +10 -8
- package/src/_api/generated/core/pathSerializer.gen.ts +6 -6
- package/src/_api/generated/core/queryKeySerializer.gen.ts +1 -1
- package/src/_api/generated/core/utils.gen.ts +4 -4
- package/src/_api/generated/helpers/auth.ts +127 -1
- package/src/_api/generated/sdk.gen.ts +149 -53
- package/src/auth/context/AuthContext.tsx +8 -0
- package/src/auth/utils/env.ts +18 -0
- package/src/auth/utils/logger.ts +11 -4
- package/src/index.ts +12 -0
- package/src/log-control.ts +81 -0
package/README.md
CHANGED
|
@@ -78,6 +78,62 @@ import {
|
|
|
78
78
|
} from '@djangocfg/api/auth';
|
|
79
79
|
```
|
|
80
80
|
|
|
81
|
+
## Token storage & DPoP
|
|
82
|
+
|
|
83
|
+
The token lives in the shared `auth` store (localStorage by default, switchable
|
|
84
|
+
to cookie):
|
|
85
|
+
|
|
86
|
+
```typescript
|
|
87
|
+
import { auth } from '@djangocfg/api';
|
|
88
|
+
|
|
89
|
+
auth.getToken(); // current access token
|
|
90
|
+
auth.setStorageMode('cookie'); // SSR-readable cookie instead of localStorage
|
|
91
|
+
```
|
|
92
|
+
|
|
93
|
+
### DPoP (RFC 9449) — sender-constrained tokens
|
|
94
|
+
|
|
95
|
+
When enabled, the generated client holds a **non-extractable** P-256 key
|
|
96
|
+
(IndexedDB) and attaches a fresh `DPoP` proof to every request, so a stolen
|
|
97
|
+
token can't be replayed. No BFF/proxy required.
|
|
98
|
+
|
|
99
|
+
```typescript
|
|
100
|
+
import { dpopEnabled } from '@djangocfg/api';
|
|
101
|
+
// true when NEXT_PUBLIC_DPOP_ENABLED==='true'
|
|
102
|
+
// (set it via createBaseNextConfig({ dpop: true }) in @djangocfg/nextjs)
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
Backend pairing: `JWTConfig(dpop_enabled=True)`. Full guide:
|
|
106
|
+
`@djangocfg/nextjs/@docs/DPOP.md`. The token is still readable via
|
|
107
|
+
`auth.getToken()` — DPoP protects by *binding* to the key, not by hiding the token.
|
|
108
|
+
|
|
109
|
+
## Logging — role-aware verbosity
|
|
110
|
+
|
|
111
|
+
All `@djangocfg/*` consola loggers read one global runtime level so the console
|
|
112
|
+
is clean for end users and verbose for admins/devs — like big SaaS apps.
|
|
113
|
+
|
|
114
|
+
```typescript
|
|
115
|
+
import { applyRoleLogPolicy, setLogLevel } from '@djangocfg/api';
|
|
116
|
+
|
|
117
|
+
// Usually automatic: AuthProvider calls this on login/logout.
|
|
118
|
+
// admin (is_staff/is_superuser) or dev → debug; prod regular user → errors only.
|
|
119
|
+
applyRoleLogPolicy({ isAdmin: user?.is_staff || user?.is_superuser });
|
|
120
|
+
|
|
121
|
+
// Manual override (0 silent · 1 error · 2 warn · 3 info · 4 debug · 5 trace):
|
|
122
|
+
setLogLevel(0);
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
Errors still flow to `@djangocfg/monitor` regardless of console level, so prod
|
|
126
|
+
incidents stay diagnosable.
|
|
127
|
+
|
|
128
|
+
## Env flags
|
|
129
|
+
|
|
130
|
+
`@djangocfg/api` is the lowest shared package, so env flags live here (single
|
|
131
|
+
source of truth):
|
|
132
|
+
|
|
133
|
+
```typescript
|
|
134
|
+
import { isDev, isProd, isBrowser, isStaticBuild, dpopEnabled } from '@djangocfg/api';
|
|
135
|
+
```
|
|
136
|
+
|
|
81
137
|
## Type Namespaces
|
|
82
138
|
|
|
83
139
|
```typescript
|
package/dist/auth-server.cjs
CHANGED
|
@@ -342,6 +342,99 @@ async function tryRefresh() {
|
|
|
342
342
|
return _refreshInflight;
|
|
343
343
|
}
|
|
344
344
|
__name(tryRefresh, "tryRefresh");
|
|
345
|
+
function dpopEnabled() {
|
|
346
|
+
try {
|
|
347
|
+
return typeof process !== "undefined" && process.env?.NEXT_PUBLIC_DPOP_ENABLED === "true";
|
|
348
|
+
} catch {
|
|
349
|
+
return false;
|
|
350
|
+
}
|
|
351
|
+
}
|
|
352
|
+
__name(dpopEnabled, "dpopEnabled");
|
|
353
|
+
var _DPOP_DB = "cfg-auth";
|
|
354
|
+
var _DPOP_STORE = "keys";
|
|
355
|
+
var _DPOP_KEY_ID = "dpop-ec-p256";
|
|
356
|
+
function _idbOpen() {
|
|
357
|
+
return new Promise((resolve, reject) => {
|
|
358
|
+
const req = indexedDB.open(_DPOP_DB, 1);
|
|
359
|
+
req.onupgradeneeded = () => req.result.createObjectStore(_DPOP_STORE);
|
|
360
|
+
req.onsuccess = () => resolve(req.result);
|
|
361
|
+
req.onerror = () => reject(req.error);
|
|
362
|
+
});
|
|
363
|
+
}
|
|
364
|
+
__name(_idbOpen, "_idbOpen");
|
|
365
|
+
function _idbGet(key) {
|
|
366
|
+
return _idbOpen().then((db) => new Promise((resolve, reject) => {
|
|
367
|
+
const tx = db.transaction(_DPOP_STORE, "readonly");
|
|
368
|
+
const req = tx.objectStore(_DPOP_STORE).get(key);
|
|
369
|
+
req.onsuccess = () => resolve(req.result);
|
|
370
|
+
req.onerror = () => reject(req.error);
|
|
371
|
+
}));
|
|
372
|
+
}
|
|
373
|
+
__name(_idbGet, "_idbGet");
|
|
374
|
+
function _idbPut(key, value) {
|
|
375
|
+
return _idbOpen().then((db) => new Promise((resolve, reject) => {
|
|
376
|
+
const tx = db.transaction(_DPOP_STORE, "readwrite");
|
|
377
|
+
tx.objectStore(_DPOP_STORE).put(value, key);
|
|
378
|
+
tx.oncomplete = () => resolve();
|
|
379
|
+
tx.onerror = () => reject(tx.error);
|
|
380
|
+
}));
|
|
381
|
+
}
|
|
382
|
+
__name(_idbPut, "_idbPut");
|
|
383
|
+
var _dpopKeyPromise = null;
|
|
384
|
+
function _getDpopKeyPair() {
|
|
385
|
+
if (_dpopKeyPromise) return _dpopKeyPromise;
|
|
386
|
+
_dpopKeyPromise = (async () => {
|
|
387
|
+
const existing = await _idbGet(_DPOP_KEY_ID).catch(() => void 0);
|
|
388
|
+
if (existing) return existing;
|
|
389
|
+
const pair = await crypto.subtle.generateKey(
|
|
390
|
+
{ name: "ECDSA", namedCurve: "P-256" },
|
|
391
|
+
false,
|
|
392
|
+
// extractable:false — JS can sign but never export the private key
|
|
393
|
+
["sign"]
|
|
394
|
+
);
|
|
395
|
+
await _idbPut(_DPOP_KEY_ID, pair).catch(() => {
|
|
396
|
+
});
|
|
397
|
+
return pair;
|
|
398
|
+
})();
|
|
399
|
+
return _dpopKeyPromise;
|
|
400
|
+
}
|
|
401
|
+
__name(_getDpopKeyPair, "_getDpopKeyPair");
|
|
402
|
+
function _b64urlFromBytes(bytes) {
|
|
403
|
+
const arr = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
|
|
404
|
+
let s = "";
|
|
405
|
+
for (let i = 0; i < arr.length; i++) s += String.fromCharCode(arr[i]);
|
|
406
|
+
return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
407
|
+
}
|
|
408
|
+
__name(_b64urlFromBytes, "_b64urlFromBytes");
|
|
409
|
+
function _b64urlFromString(str) {
|
|
410
|
+
return _b64urlFromBytes(new TextEncoder().encode(str));
|
|
411
|
+
}
|
|
412
|
+
__name(_b64urlFromString, "_b64urlFromString");
|
|
413
|
+
async function _publicJwk(pub) {
|
|
414
|
+
const jwk = await crypto.subtle.exportKey("jwk", pub);
|
|
415
|
+
return { kty: "EC", crv: "P-256", x: jwk.x, y: jwk.y };
|
|
416
|
+
}
|
|
417
|
+
__name(_publicJwk, "_publicJwk");
|
|
418
|
+
async function _makeDpopProof(method, url) {
|
|
419
|
+
try {
|
|
420
|
+
const pair = await _getDpopKeyPair();
|
|
421
|
+
const jwk = await _publicJwk(pair.publicKey);
|
|
422
|
+
const header = { typ: "dpop+jwt", alg: "ES256", jwk };
|
|
423
|
+
const htu = url.split("#")[0].split("?")[0];
|
|
424
|
+
const jti = crypto.randomUUID && crypto.randomUUID() || _b64urlFromBytes(crypto.getRandomValues(new Uint8Array(16)));
|
|
425
|
+
const payload = { htm: method.toUpperCase(), htu, iat: Math.floor(Date.now() / 1e3), jti };
|
|
426
|
+
const signingInput = `${_b64urlFromString(JSON.stringify(header))}.${_b64urlFromString(JSON.stringify(payload))}`;
|
|
427
|
+
const sig = await crypto.subtle.sign(
|
|
428
|
+
{ name: "ECDSA", hash: "SHA-256" },
|
|
429
|
+
pair.privateKey,
|
|
430
|
+
new TextEncoder().encode(signingInput)
|
|
431
|
+
);
|
|
432
|
+
return `${signingInput}.${_b64urlFromBytes(sig)}`;
|
|
433
|
+
} catch {
|
|
434
|
+
return null;
|
|
435
|
+
}
|
|
436
|
+
}
|
|
437
|
+
__name(_makeDpopProof, "_makeDpopProof");
|
|
345
438
|
function installAuthOnClient(client2) {
|
|
346
439
|
if (_client) return;
|
|
347
440
|
_client = client2;
|
|
@@ -349,7 +442,7 @@ function installAuthOnClient(client2) {
|
|
|
349
442
|
baseUrl: auth.getBaseUrl(),
|
|
350
443
|
credentials: _withCredentials ? "include" : "same-origin"
|
|
351
444
|
});
|
|
352
|
-
client2.interceptors.request.use((request) => {
|
|
445
|
+
client2.interceptors.request.use(async (request) => {
|
|
353
446
|
const token = auth.getToken();
|
|
354
447
|
if (token) request.headers.set("Authorization", `Bearer ${token}`);
|
|
355
448
|
const locale = auth.getLocale();
|
|
@@ -362,6 +455,10 @@ function installAuthOnClient(client2) {
|
|
|
362
455
|
} catch {
|
|
363
456
|
}
|
|
364
457
|
request.headers.set("X-Client-Time", (/* @__PURE__ */ new Date()).toISOString());
|
|
458
|
+
if (dpopEnabled() && typeof window !== "undefined") {
|
|
459
|
+
const proof = await _makeDpopProof(request.method, request.url);
|
|
460
|
+
if (proof) request.headers.set("DPoP", proof);
|
|
461
|
+
}
|
|
365
462
|
return request;
|
|
366
463
|
});
|
|
367
464
|
client2.interceptors.error.use((err, res, req) => {
|
|
@@ -395,6 +492,10 @@ function installAuthOnClient(client2) {
|
|
|
395
492
|
const retry = request.clone();
|
|
396
493
|
retry.headers.set("Authorization", `Bearer ${newToken}`);
|
|
397
494
|
retry.headers.set(RETRY_MARKER, "1");
|
|
495
|
+
if (dpopEnabled() && typeof window !== "undefined") {
|
|
496
|
+
const proof = await _makeDpopProof(retry.method, retry.url);
|
|
497
|
+
if (proof) retry.headers.set("DPoP", proof);
|
|
498
|
+
}
|
|
398
499
|
try {
|
|
399
500
|
const retried = await fetch(retry);
|
|
400
501
|
if (retried.status === 401 && _onUnauthorized) {
|
|
@@ -1344,7 +1445,11 @@ var CfgAccountsApiKey = class {
|
|
|
1344
1445
|
static cfgAccountsApiKeyRetrieve(options) {
|
|
1345
1446
|
return (options?.client ?? client).get({
|
|
1346
1447
|
security: [
|
|
1347
|
-
{
|
|
1448
|
+
{
|
|
1449
|
+
key: "jwtAuth",
|
|
1450
|
+
scheme: "bearer",
|
|
1451
|
+
type: "http"
|
|
1452
|
+
},
|
|
1348
1453
|
{
|
|
1349
1454
|
in: "cookie",
|
|
1350
1455
|
name: "sessionid",
|
|
@@ -1364,7 +1469,11 @@ var CfgAccountsApiKey = class {
|
|
|
1364
1469
|
static cfgAccountsApiKeyRegenerateCreate(options) {
|
|
1365
1470
|
return (options.client ?? client).post({
|
|
1366
1471
|
security: [
|
|
1367
|
-
{
|
|
1472
|
+
{
|
|
1473
|
+
key: "jwtAuth",
|
|
1474
|
+
scheme: "bearer",
|
|
1475
|
+
type: "http"
|
|
1476
|
+
},
|
|
1368
1477
|
{
|
|
1369
1478
|
in: "cookie",
|
|
1370
1479
|
name: "sessionid",
|
|
@@ -1388,7 +1497,11 @@ var CfgAccountsApiKey = class {
|
|
|
1388
1497
|
static cfgAccountsApiKeyTestCreate(options) {
|
|
1389
1498
|
return (options.client ?? client).post({
|
|
1390
1499
|
security: [
|
|
1391
|
-
{
|
|
1500
|
+
{
|
|
1501
|
+
key: "jwtAuth",
|
|
1502
|
+
scheme: "bearer",
|
|
1503
|
+
type: "http"
|
|
1504
|
+
},
|
|
1392
1505
|
{
|
|
1393
1506
|
in: "cookie",
|
|
1394
1507
|
name: "sessionid",
|
|
@@ -1416,7 +1529,11 @@ var CfgAccountsOauth = class {
|
|
|
1416
1529
|
*/
|
|
1417
1530
|
static cfgAccountsOauthConnectionsList(options) {
|
|
1418
1531
|
return (options?.client ?? client).get({
|
|
1419
|
-
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1532
|
+
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1533
|
+
key: "jwtAuthWithLastLogin",
|
|
1534
|
+
scheme: "bearer",
|
|
1535
|
+
type: "http"
|
|
1536
|
+
}],
|
|
1420
1537
|
url: "/cfg/accounts/oauth/connections/",
|
|
1421
1538
|
...options
|
|
1422
1539
|
});
|
|
@@ -1428,7 +1545,11 @@ var CfgAccountsOauth = class {
|
|
|
1428
1545
|
*/
|
|
1429
1546
|
static cfgAccountsOauthDisconnectCreate(options) {
|
|
1430
1547
|
return (options.client ?? client).post({
|
|
1431
|
-
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1548
|
+
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1549
|
+
key: "jwtAuthWithLastLogin",
|
|
1550
|
+
scheme: "bearer",
|
|
1551
|
+
type: "http"
|
|
1552
|
+
}],
|
|
1432
1553
|
url: "/cfg/accounts/oauth/disconnect/",
|
|
1433
1554
|
...options,
|
|
1434
1555
|
headers: {
|
|
@@ -1485,7 +1606,11 @@ var CfgAccounts = class {
|
|
|
1485
1606
|
*/
|
|
1486
1607
|
static cfgAccountsOtpRequestCreate(options) {
|
|
1487
1608
|
return (options.client ?? client).post({
|
|
1488
|
-
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1609
|
+
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1610
|
+
key: "jwtAuthWithLastLogin",
|
|
1611
|
+
scheme: "bearer",
|
|
1612
|
+
type: "http"
|
|
1613
|
+
}],
|
|
1489
1614
|
url: "/cfg/accounts/otp/request/",
|
|
1490
1615
|
...options,
|
|
1491
1616
|
headers: {
|
|
@@ -1506,7 +1631,11 @@ var CfgAccounts = class {
|
|
|
1506
1631
|
*/
|
|
1507
1632
|
static cfgAccountsOtpVerifyCreate(options) {
|
|
1508
1633
|
return (options.client ?? client).post({
|
|
1509
|
-
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1634
|
+
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1635
|
+
key: "jwtAuthWithLastLogin",
|
|
1636
|
+
scheme: "bearer",
|
|
1637
|
+
type: "http"
|
|
1638
|
+
}],
|
|
1510
1639
|
url: "/cfg/accounts/otp/verify/",
|
|
1511
1640
|
...options,
|
|
1512
1641
|
headers: {
|
|
@@ -1527,7 +1656,11 @@ var CfgAccountsProfile = class {
|
|
|
1527
1656
|
*/
|
|
1528
1657
|
static cfgAccountsProfileRetrieve(options) {
|
|
1529
1658
|
return (options?.client ?? client).get({
|
|
1530
|
-
security: [{
|
|
1659
|
+
security: [{
|
|
1660
|
+
key: "jwtAuth",
|
|
1661
|
+
scheme: "bearer",
|
|
1662
|
+
type: "http"
|
|
1663
|
+
}, {
|
|
1531
1664
|
in: "cookie",
|
|
1532
1665
|
name: "sessionid",
|
|
1533
1666
|
type: "apiKey"
|
|
@@ -1544,7 +1677,11 @@ var CfgAccountsProfile = class {
|
|
|
1544
1677
|
static cfgAccountsProfileAvatarCreate(options) {
|
|
1545
1678
|
return (options?.client ?? client).post({
|
|
1546
1679
|
...formDataBodySerializer,
|
|
1547
|
-
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1680
|
+
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1681
|
+
key: "jwtAuthWithLastLogin",
|
|
1682
|
+
scheme: "bearer",
|
|
1683
|
+
type: "http"
|
|
1684
|
+
}],
|
|
1548
1685
|
url: "/cfg/accounts/profile/avatar/",
|
|
1549
1686
|
...options,
|
|
1550
1687
|
headers: {
|
|
@@ -1570,7 +1707,11 @@ var CfgAccountsProfile = class {
|
|
|
1570
1707
|
*/
|
|
1571
1708
|
static cfgAccountsProfileDeleteCreate(options) {
|
|
1572
1709
|
return (options?.client ?? client).post({
|
|
1573
|
-
security: [{
|
|
1710
|
+
security: [{
|
|
1711
|
+
key: "jwtAuth",
|
|
1712
|
+
scheme: "bearer",
|
|
1713
|
+
type: "http"
|
|
1714
|
+
}, {
|
|
1574
1715
|
in: "cookie",
|
|
1575
1716
|
name: "sessionid",
|
|
1576
1717
|
type: "apiKey"
|
|
@@ -1586,7 +1727,11 @@ var CfgAccountsProfile = class {
|
|
|
1586
1727
|
*/
|
|
1587
1728
|
static cfgAccountsProfilePartialPartialUpdate(options) {
|
|
1588
1729
|
return (options?.client ?? client).patch({
|
|
1589
|
-
security: [{
|
|
1730
|
+
security: [{
|
|
1731
|
+
key: "jwtAuth",
|
|
1732
|
+
scheme: "bearer",
|
|
1733
|
+
type: "http"
|
|
1734
|
+
}, {
|
|
1590
1735
|
in: "cookie",
|
|
1591
1736
|
name: "sessionid",
|
|
1592
1737
|
type: "apiKey"
|
|
@@ -1606,7 +1751,11 @@ var CfgAccountsProfile = class {
|
|
|
1606
1751
|
*/
|
|
1607
1752
|
static cfgAccountsProfilePartialUpdate(options) {
|
|
1608
1753
|
return (options?.client ?? client).put({
|
|
1609
|
-
security: [{
|
|
1754
|
+
security: [{
|
|
1755
|
+
key: "jwtAuth",
|
|
1756
|
+
scheme: "bearer",
|
|
1757
|
+
type: "http"
|
|
1758
|
+
}, {
|
|
1610
1759
|
in: "cookie",
|
|
1611
1760
|
name: "sessionid",
|
|
1612
1761
|
type: "apiKey"
|
|
@@ -1626,7 +1775,11 @@ var CfgAccountsProfile = class {
|
|
|
1626
1775
|
*/
|
|
1627
1776
|
static cfgAccountsProfileUpdatePartialUpdate(options) {
|
|
1628
1777
|
return (options?.client ?? client).patch({
|
|
1629
|
-
security: [{
|
|
1778
|
+
security: [{
|
|
1779
|
+
key: "jwtAuth",
|
|
1780
|
+
scheme: "bearer",
|
|
1781
|
+
type: "http"
|
|
1782
|
+
}, {
|
|
1630
1783
|
in: "cookie",
|
|
1631
1784
|
name: "sessionid",
|
|
1632
1785
|
type: "apiKey"
|
|
@@ -1646,7 +1799,11 @@ var CfgAccountsProfile = class {
|
|
|
1646
1799
|
*/
|
|
1647
1800
|
static cfgAccountsProfileUpdateUpdate(options) {
|
|
1648
1801
|
return (options?.client ?? client).put({
|
|
1649
|
-
security: [{
|
|
1802
|
+
security: [{
|
|
1803
|
+
key: "jwtAuth",
|
|
1804
|
+
scheme: "bearer",
|
|
1805
|
+
type: "http"
|
|
1806
|
+
}, {
|
|
1650
1807
|
in: "cookie",
|
|
1651
1808
|
name: "sessionid",
|
|
1652
1809
|
type: "apiKey"
|
|
@@ -1689,7 +1846,11 @@ var CfgCentrifugo = class {
|
|
|
1689
1846
|
*/
|
|
1690
1847
|
static cfgCentrifugoAuthTokenRetrieve(options) {
|
|
1691
1848
|
return (options?.client ?? client).get({
|
|
1692
|
-
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1849
|
+
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1850
|
+
key: "jwtAuthWithLastLogin",
|
|
1851
|
+
scheme: "bearer",
|
|
1852
|
+
type: "http"
|
|
1853
|
+
}],
|
|
1693
1854
|
url: "/cfg/centrifugo/auth/token/",
|
|
1694
1855
|
...options
|
|
1695
1856
|
});
|
|
@@ -1704,7 +1865,11 @@ var CfgTotpBackupCodes = class {
|
|
|
1704
1865
|
*/
|
|
1705
1866
|
static cfgTotpBackupCodesRetrieve(options) {
|
|
1706
1867
|
return (options?.client ?? client).get({
|
|
1707
|
-
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1868
|
+
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1869
|
+
key: "jwtAuthWithLastLogin",
|
|
1870
|
+
scheme: "bearer",
|
|
1871
|
+
type: "http"
|
|
1872
|
+
}],
|
|
1708
1873
|
url: "/cfg/totp/backup-codes/",
|
|
1709
1874
|
...options
|
|
1710
1875
|
});
|
|
@@ -1717,7 +1882,11 @@ var CfgTotpBackupCodes = class {
|
|
|
1717
1882
|
*/
|
|
1718
1883
|
static cfgTotpBackupCodesRegenerateCreate(options) {
|
|
1719
1884
|
return (options.client ?? client).post({
|
|
1720
|
-
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1885
|
+
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1886
|
+
key: "jwtAuthWithLastLogin",
|
|
1887
|
+
scheme: "bearer",
|
|
1888
|
+
type: "http"
|
|
1889
|
+
}],
|
|
1721
1890
|
url: "/cfg/totp/backup-codes/regenerate/",
|
|
1722
1891
|
...options,
|
|
1723
1892
|
headers: {
|
|
@@ -1736,7 +1905,11 @@ var CfgTotp = class {
|
|
|
1736
1905
|
*/
|
|
1737
1906
|
static cfgTotpDevicesRetrieve(options) {
|
|
1738
1907
|
return (options?.client ?? client).get({
|
|
1739
|
-
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1908
|
+
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1909
|
+
key: "jwtAuthWithLastLogin",
|
|
1910
|
+
scheme: "bearer",
|
|
1911
|
+
type: "http"
|
|
1912
|
+
}],
|
|
1740
1913
|
url: "/cfg/totp/devices/",
|
|
1741
1914
|
...options
|
|
1742
1915
|
});
|
|
@@ -1748,7 +1921,11 @@ var CfgTotp = class {
|
|
|
1748
1921
|
*/
|
|
1749
1922
|
static cfgTotpDevicesDestroy(options) {
|
|
1750
1923
|
return (options.client ?? client).delete({
|
|
1751
|
-
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1924
|
+
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1925
|
+
key: "jwtAuthWithLastLogin",
|
|
1926
|
+
scheme: "bearer",
|
|
1927
|
+
type: "http"
|
|
1928
|
+
}],
|
|
1752
1929
|
url: "/cfg/totp/devices/{id}/",
|
|
1753
1930
|
...options
|
|
1754
1931
|
});
|
|
@@ -1760,7 +1937,11 @@ var CfgTotp = class {
|
|
|
1760
1937
|
*/
|
|
1761
1938
|
static cfgTotpDisableCreate(options) {
|
|
1762
1939
|
return (options.client ?? client).post({
|
|
1763
|
-
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1940
|
+
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1941
|
+
key: "jwtAuthWithLastLogin",
|
|
1942
|
+
scheme: "bearer",
|
|
1943
|
+
type: "http"
|
|
1944
|
+
}],
|
|
1764
1945
|
url: "/cfg/totp/disable/",
|
|
1765
1946
|
...options,
|
|
1766
1947
|
headers: {
|
|
@@ -1781,7 +1962,11 @@ var CfgTotpSetup = class {
|
|
|
1781
1962
|
*/
|
|
1782
1963
|
static cfgTotpSetupCreate(options) {
|
|
1783
1964
|
return (options?.client ?? client).post({
|
|
1784
|
-
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1965
|
+
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1966
|
+
key: "jwtAuthWithLastLogin",
|
|
1967
|
+
scheme: "bearer",
|
|
1968
|
+
type: "http"
|
|
1969
|
+
}],
|
|
1785
1970
|
url: "/cfg/totp/setup/",
|
|
1786
1971
|
...options,
|
|
1787
1972
|
headers: {
|
|
@@ -1797,7 +1982,11 @@ var CfgTotpSetup = class {
|
|
|
1797
1982
|
*/
|
|
1798
1983
|
static cfgTotpSetupConfirmCreate(options) {
|
|
1799
1984
|
return (options.client ?? client).post({
|
|
1800
|
-
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1985
|
+
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
1986
|
+
key: "jwtAuthWithLastLogin",
|
|
1987
|
+
scheme: "bearer",
|
|
1988
|
+
type: "http"
|
|
1989
|
+
}],
|
|
1801
1990
|
url: "/cfg/totp/setup/confirm/",
|
|
1802
1991
|
...options,
|
|
1803
1992
|
headers: {
|
|
@@ -1818,7 +2007,11 @@ var CfgTotpVerify = class {
|
|
|
1818
2007
|
*/
|
|
1819
2008
|
static cfgTotpVerifyCreate(options) {
|
|
1820
2009
|
return (options.client ?? client).post({
|
|
1821
|
-
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
2010
|
+
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
2011
|
+
key: "jwtAuthWithLastLogin",
|
|
2012
|
+
scheme: "bearer",
|
|
2013
|
+
type: "http"
|
|
2014
|
+
}],
|
|
1822
2015
|
url: "/cfg/totp/verify/",
|
|
1823
2016
|
...options,
|
|
1824
2017
|
headers: {
|
|
@@ -1834,7 +2027,11 @@ var CfgTotpVerify = class {
|
|
|
1834
2027
|
*/
|
|
1835
2028
|
static cfgTotpVerifyBackupCreate(options) {
|
|
1836
2029
|
return (options.client ?? client).post({
|
|
1837
|
-
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
2030
|
+
security: [{ name: "X-API-Key", type: "apiKey" }, {
|
|
2031
|
+
key: "jwtAuthWithLastLogin",
|
|
2032
|
+
scheme: "bearer",
|
|
2033
|
+
type: "http"
|
|
2034
|
+
}],
|
|
1838
2035
|
url: "/cfg/totp/verify/backup/",
|
|
1839
2036
|
...options,
|
|
1840
2037
|
headers: {
|
|
@@ -2049,19 +2246,38 @@ var CfgAccountsApi = new API();
|
|
|
2049
2246
|
var CfgCentrifugoApi = new API2();
|
|
2050
2247
|
var CfgTotpApi = new API3();
|
|
2051
2248
|
|
|
2052
|
-
// src/auth/utils/logger.ts
|
|
2053
|
-
var import_consola2 = require("consola");
|
|
2054
|
-
|
|
2055
2249
|
// src/auth/utils/env.ts
|
|
2056
2250
|
var isDev = process.env.NODE_ENV === "development";
|
|
2251
|
+
var isStaticBuild = process.env.NEXT_PUBLIC_STATIC_BUILD === "true";
|
|
2252
|
+
var dpopEnabled2 = process.env.NEXT_PUBLIC_DPOP_ENABLED === "true";
|
|
2253
|
+
|
|
2254
|
+
// src/log-control.ts
|
|
2255
|
+
var verboseByDefault = isDev || isStaticBuild;
|
|
2256
|
+
var DEFAULT_LEVEL = verboseByDefault ? 4 : 1;
|
|
2257
|
+
var _level = DEFAULT_LEVEL;
|
|
2258
|
+
var _subscribers = /* @__PURE__ */ new Set();
|
|
2259
|
+
function getLogLevel() {
|
|
2260
|
+
return _level;
|
|
2261
|
+
}
|
|
2262
|
+
__name(getLogLevel, "getLogLevel");
|
|
2263
|
+
function onLogLevelChange(fn) {
|
|
2264
|
+
_subscribers.add(fn);
|
|
2265
|
+
try {
|
|
2266
|
+
fn(_level);
|
|
2267
|
+
} catch {
|
|
2268
|
+
}
|
|
2269
|
+
return () => _subscribers.delete(fn);
|
|
2270
|
+
}
|
|
2271
|
+
__name(onLogLevelChange, "onLogLevelChange");
|
|
2057
2272
|
|
|
2058
2273
|
// src/auth/utils/logger.ts
|
|
2059
|
-
var
|
|
2060
|
-
var showLogs = isDev || isStaticBuild;
|
|
2274
|
+
var import_consola2 = require("consola");
|
|
2061
2275
|
var logger = (0, import_consola2.createConsola)({
|
|
2062
|
-
level:
|
|
2063
|
-
// dev: debug, production: errors only
|
|
2276
|
+
level: getLogLevel()
|
|
2064
2277
|
}).withTag("api");
|
|
2278
|
+
onLogLevelChange((level) => {
|
|
2279
|
+
logger.level = level;
|
|
2280
|
+
});
|
|
2065
2281
|
var authLogger = logger.withTag("auth");
|
|
2066
2282
|
|
|
2067
2283
|
// src/auth/middlewares/tokenRefresh.ts
|